Apple Patches Critical Security Flaw Discovered by Toronto Researchers

Apple has patched a security flaw with today’s release of iOS 14.8, iPadOS 14.8, watchOS 7.6.2 and macOS 11.6.

The flaw was discovered by Citizen Lab—a cyber research arm of the University of Toronto—was detailed on Monday, involving the company’s Messages app.

“Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” said the iPhone maker’s document on the patches fixed today.

Citizen Lab said the flaw allowed Israel’s NSO Group to use its malware Pegasus to exploit Apple devices. Just by receiving the PDF, victims could have their phones compromised. The security flaw was used by the Pegasus malware to obtain access to a Saudi activist’s Apple device, said Citizen Lab.

“NSO Group will continue to provide intelligence and law enforcement agencies around the world with life saving technologies to fight terror and crime,” the company said in a statement, reported Bloomberg. The Israeli firm has been criticized numerous times by cyber researchers for its role in assisting regimes break into journalist and activist phones.

Update Sept. 12: You can read Apple’s statement on the matter above as per @MarkGurman.

P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.